stackoom
  简体   繁体   中英

Assign the Service Connection User a role through ARM template

 原文  2022-04-08 06:44:46       azure/ azure-devops/ azure-active-directory/ azure-resource-manager/ azure-app-configuration

Question

We just started recently using App Configuration Service in Azure for some of our applications.

As part of the setup, we removed Access Keys as a possible authentication method. This works pretty well, we have assigned dataowner rights to our team so that they can manage the service and everyone is happy.

We came up with the brilliant idea of using the app config service in our build and release yaml pipelines. We found a suitable task, but the user that is attached to the service connection that we use in Azure Devops to deploy to Azure does not have the rights to access the configuration store.

We want to be able to assign this right in the arm template we created for the app config service. The issue though is that we cannot find the principle id assigned to that user.

Honestly, I am not that experienced with AAD, so I am probably missing something here. The ServicePrincipleId does not work, whenever I try to use it, azure tells me that that user does not exist. I get redirected to an app-registration page whenever I try to manage the service connection, which I don't understand either.

Next steps for me will be to get our admin to manually assign this right to the Service Connection User and see if I can extract the principle Id from that role assignment.

My question(s) would be, why doesn't the service principle work? How do I extract the principle id from the service connection?

1 answers

solution1
 1 ACCPTED  2022-04-18 17:28:39

Could you please try below steps?

  1. In Azure DevOps, go to the project that contains your target pipeline. In the lower-left corner, select Project settings.
  2. Select Service connections.
  3. Select Manage Service Principal.
  4. From there, you should be able to find the objectId of your Service Principal, which uniquely identifies your SP.

Also these posts are great resources to learn about AAD Apps and Service Principals:

  1. https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals
  2. https://stackoverflow.com/questions/54066287/azure-service-principal-id-vs-application-id#:~:text=objectId%20will%20be%20a%20unique,will%20be%20same%20as%20appId%20 .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Assign role to user using Service principal Setting Azure's Service tier in arm template ARM template - bad request failed when deploying a linked service Allow Cloud Service ARM template deployment to a different subscription than the keyVault create a service catalog i am role in cloudformation template Adding a RBAC role to multiple users using single azure resource via ARM template ARM Template Coginitive services SignalR connection failing when calling through an intermittent WebApi Service ARM template outputs Powershell Script to deploy the ARM Template
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM